CEO email Fraud: audit4mail helps you highlight information.

Transfer order scams have caused over $2.3 billion in damage since 2013, and claimed victims in every U.S. state and in at least 79 countries (figures); at least 17,642 victims (mainly companies) have suffered their disastrous consequences. Some have lost all, or at least part, of their cash flow. And in serious cases, it ended in the windup of the company.

A wire transfer is a financial transaction from one account to another. Once a wire transfer order is accepted by the banking system, it cannot be canceled: it’s irrevocable.

The scam attempt consists in getting a corporate collaborator to execute a transfer order for a seemingly good cause. But, in reality, it’s all for the benefit of a crook. There are two ways they can get in touch with your company: by phone and by email.

By providing the means to conduct a careful analysis of email data, AUDIT4MAIL helps companies avoid getting duped by these clever con artists.

Listed below are the variations these types of scams can take (this list is not exhaustive), how to protect yourself from them, and how AUDIT4MAIL can help you:

The “fake president” scam

In this scenario, a scammer poses as a company executive and tries to convince one of your employees, by email, to perform an urgent and confidential transfer to an account (often based abroad). To do this, the scammer is simply using information about the company and its leaders that they’ve either gathered from the internet or culled from previous telephone conversations with the company.

How to protect yourself:

• Verify the identity of the caller by contacting him again, this time using safe, common details (e.g. those from the corporate directory and not those supplied by the caller), or simply by consulting the “My timeline” interface on AUDIT4MAIL—you won’t regret it.

For example, they’ll use jean.dupont@sale-team.com instead of jean.dupont@sales-team.com. AUDIT4MAIL provides you with an at-a-glance indication if your contact truly is your daily operations partner.

AUDIT4MAIL will automatically distinguish between the two emails by comparing email addresses. You can therefore avoid fraud—and then notify the authorities!

The internal emails (in green) in normal interactions:

The email address of the person trying to steal an identity (in blue):

• Notify your superiors: a well-intentioned person would not ask you to hide information from your managers.

• Respect the separation of powers:
-If you possess the rights to make significant payments alone, you are at risk. Talk to your manager about this (no one should have all three powers of: transfer, entry, and validation for payment).
-The means of authentication and signatures are personal: never entrust them to a colleague, and refuse if a colleague shares theirs with you.
-The separation of roles doesn’t only protect the company, it also protects you.

The “bank details” scam

A scammer leads one to believe there has been a change of bank details of a lessor, a vendor, or any other creditor of the company, for the next rent payment (or any other type of bill). This may seem like a normal pattern in business activity, possibly due to a management consolidation at a group level, a new bank, etc. The scammer then sends back the new bank details by e-mail, the message possessing characteristics very similar to those from the usual contact (e-mail, mail header, etc.).

How to protect yourself:

• Verify the identity of the caller by contacting them again using safe, common details (e.g. those in the corporate directory and not those provided by the caller) during any details change request (email, telephone number, etc.) or when providing new bank account details. Be sure to check AUDIT4MAIL’s “Account panorama” interface in order to verify the caller’s email. And while you’re at it, consider contacting another person from the company to validate the information.

•Be suspicious if the new account is located abroad
The ISO country code is found in the first 2 letters of the IBAN, and the 5th and 6th letters of the BIC.
• Cyprus: CY17002001280000001200527600 – BIC: ABKLCY2N
• US: US7630046001290029721519546 -BIC: ABCDUS1N
• FR: FR7630046001290029721519546 -BIC: ABCDFR3N

• Cover your customers’ and suppliers’ bases against computer intrusions.
• Write to your customers to educate about the proper protocol and encourage them to follow the rules.

The “computer” scam

In this scenario, the scammer poses as a technician from the targeted company’s bank’s connectivity service and tries to convince the employee to execute “transfer tests.” They may also impersonate one of the company’s IT service providers and request the installation of software with the secret intent of recovering security information or hacking the company’s computer network.

How to protect yourself:

• Contact your bank’s business manager using the usual contact information in order to verify the identity of any person claiming to be part of their team.
• Refuse remote logins on your PC from any person whose identity is unverified: do not go to a suspect Internet address, do not click on suspicious links, etc.
• Do not perform tests requested by a technician: Do not add third-party accounts and do not commit to transactions or discounts. Never do a transfer test with a higher value than $1, even if it comes from your initiative.
• Never share personal codes with anyone (e.g. numbers generated by your wireless reader, passwords, PIN codes, etc.).
• Protect both your computer network and your PC against intrusions and malware.

In case of fraudulent transfer or suspicion:

1- Warn your hierarchy
2- Contact your bank
3- Contact the police

How Audit4mail can help:

AUDIT4MAIL helps you distinguish your employees’ and partners’ emails from those of scammers via a quick-and-easy interface.